Education employees lack confidence in sector cybersecurity

New research from LAN3 reveals that cybersecurity strategy is a key concern for those in the education sector

70% of IT staff in the education sector are not confident in their institution’s cybersecurity strategy, according to a study published today by network specialist, LAN3. The study also found that over a third (35%) of education institutions have failed to make significant firewall upgrades in the last three years.

The study questioned directors, senior IT managers and IT staff from over 80 different academic establishments, including some of the UK’s leading universities, colleges and schools. It found a clear gap between the investment in cloud services and the investment in cloud security. 83% of respondents agree they will transition more data into the cloud over the next five years, but only 17% are planning to invest in security infrastructure to protect these new systems.

Budgetary pressures could be to blame for this lack of investment. The study found that in comparison to last year, over half of respondents (52%) reported a lower budget, 32% remained static and only 16% increased. 

With budget pressures on IT teams increasing markedly over the past year, it is a worry that security is not being prioritised.
– Martin Jones, LAN3

End-user behaviour is becoming more of a concern for maintaining security, with 65% agreeing that this is the case. 41% of respondents identify Bring Your Own Device (BYOD) as a key area to prioritize for implementation over the next two years. The study also highlights an issue with staff training, with 37% of respondents identifying poor training of teachers as a key area preventing wider adoption of current services and equipment.

Martin Jones, Managing Director at LAN3 said: “These results are very alarming and give an insight into the state of cybersecurity in the education sector. With budget pressures on IT teams increasing markedly over the past year, it is a worry that security is not being prioritised. Education institutions must dedicate the appropriate level of attention, budget and resource into their cybersecurity strategy.”

Jones continued: “It is also important not to overlook cybersecurity training of staff and education institutions should have in place a comprehensive digital literacy training programme, covering cybersecurity best practices. This would go a long way to improving the end-user behaviour of users connected to education networks.”

“The education sector is becoming increasingly reliant on IT and technology and, as a result, are becoming further at risk of malicious cyber activity. Losing access to this technology, having funds stolen or suffering a data breach through a cyber-attack can be devastating to an institution, both in terms of financial loss and damage to reputation.”